Use runtime-helpers in apps (part 2/3) (#306)

* feat(lib): Add runtime-helpers library

* feat(docs): Document runtime-helpers usage

* feat(lib): Use runtime-helpers in 5 apps

verified-broadcast, verify-dashboard, verify-push-backend, verify-retry,
and video-token

* fix(lib): runtime-helpers in package.json for 4 apps

* fix(lib): verified-broadcast auth env variables

* fix(docs): verified-broadcast README.md

Author: jmulcahey-twilio

verified-broadcast/.env

@@ -3,10 +3,15 @@
 # required: true
 TWILIO_PHONE_NUMBER=
 
-# description: Choose a passcode for your app. Users have to use this passcode to send SMS broadcasts or delete all subscriptions
+# description: Choose a username for your app. Users have to use this username and passcode to send SMS broadcasts or delete all subscriptions
+# format: text
+# required: true
+AUTH_USERNAME=
+
+# description: Choose a passcode for your app. Users have to use this username and passcode to send SMS broadcasts or delete all subscriptions
 # format: secret
 # required: true
-PASSCODE=
+AUTH_PASSCODE=
 
 # description: SID of a Twilio Messaging Service. Otherwise one will automatically be provisioned for you.
 # format: sid
@@ -25,4 +30,3 @@ BROADCAST_NOTIFY_SERVICE_SID=
 # link: https://www.twilio.com/console/verify/services
 # required: false
 VERIFY_SERVICE_SID=
-

verified-broadcast/README.md

@@ -10,36 +10,37 @@ This project requires some environment variables to be set. To keep your tokens
 
 In your `.env` file, set the following values:
 
-| Variable                     | Description                                                                                                                                                       | Required |
-| :--------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------- |
-| TWILIO_PHONE_NUMBER | The Twilio phone number to send broadcast SMS from | Yes |
-| PASSCODE | Choose a passcode for your app. Users have to use this passcode to send SMS broadcasts or delete all subscriptions | Yes |
-| BROADCAST_NOTIFY_SERVICE_SID       | SID of your Twilio Notify Service. Otherwise one will automatically be provisioned for you. | No      |
-| MESSAGING_SERVICE_SID | SID of a Twilio Messaging Service. Otherwise one will automatically be provisioned for you. | No |
-| VERIFY_SERVICE_SID           | SID of your Twilio Verify Service. Create one [here](https://www.twilio.com/console/verify/services). Otherwise one will automatically be provisioned for you. | No      |
+| Variable                     | Description                                                                                                                                                    | Required |
+| :--------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------- |
+| TWILIO_PHONE_NUMBER          | The Twilio phone number to send broadcast SMS from                                                                                                             | Yes      |
+| AUTH_USERNAME                | Choose a passcode for your app. Users have to use this username and passcode to send SMS broadcasts or delete all subscriptions                                | Yes      |
+| AUTH_PASSCODE                | Choose a passcode for your app. Users have to use this username and passcode to send SMS broadcasts or delete all subscriptions                                | Yes      |
+| BROADCAST_NOTIFY_SERVICE_SID | SID of your Twilio Notify Service. Otherwise one will automatically be provisioned for you.                                                                    | No       |
+| MESSAGING_SERVICE_SID        | SID of a Twilio Messaging Service. Otherwise one will automatically be provisioned for you.                                                                    | No       |
+| VERIFY_SERVICE_SID           | SID of your Twilio Verify Service. Create one [here](https://www.twilio.com/console/verify/services). Otherwise one will automatically be provisioned for you. | No       |
 
 ### Function Parameters
 
 `start-verify.js` expects the following parameters:
 
-| Parameter      | Description                                 | Required |
-| :------------- | :------------------------------------------ | :------- |
-| `to`       | Subscriber phone number. | Yes  |
+| Parameter | Description              | Required |
+| :-------- | :----------------------- | :------- |
+| `to`      | Subscriber phone number. | Yes      |
 
-`broadcast.js` has to be authenticated using HTTP Basic Auth using `admin` as username an the configured `PASSCODE` as password. It expects the following parameters:
+`broadcast.js` has to be authenticated using HTTP Basic Auth using the configured `AUTH_USERNAME` as the username and the configured `AUTH_PASSCODE` as the password. It expects the following parameters:
 
-| Parameter      | Description                                 | Required |
-| :------------- | :------------------------------------------ | :------- |
-| `body`     | Message body to send to subscribers             | Yes |
-| `tag`      | Notify [tag](https://www.twilio.com/docs/notify/api/notification-resource#create-a-notification-resource) to filter broadcast. | No |
+| Parameter | Description                                                                                                                    | Required |
+| :-------- | :----------------------------------------------------------------------------------------------------------------------------- | :------- |
+| `body`    | Message body to send to subscribers                                                                                            | Yes      |
+| `tag`     | Notify [tag](https://www.twilio.com/docs/notify/api/notification-resource#create-a-notification-resource) to filter broadcast. | No       |
 
 `subscribe.js` expects the following parameters:
 
-| Parameter      | Description                                 | Required |
-| :------------- | :------------------------------------------ | :------- |
-| `to`       | Subscriber phone number. Used for identity.     | Yes |
-| `code`     | One-time passcode sent via SMS.                 | Yes |
-| `tags`     | Notify [tags](https://www.twilio.com/docs/notify/api/notification-resource#create-a-notification-resource) to filter broadcast. Defaults to 'all'. | No |
+| Parameter | Description                                                                                                                                        | Required |
+| :-------- | :------------------------------------------------------------------------------------------------------------------------------------------------- | :------- |
+| `to`      | Subscriber phone number. Used for identity.                                                                                                        | Yes      |
+| `code`    | One-time passcode sent via SMS.                                                                                                                    | Yes      |
+| `tags`    | Notify [tags](https://www.twilio.com/docs/notify/api/notification-resource#create-a-notification-resource) to filter broadcast. Defaults to 'all'. | No       |
 
 ## Setup
 
@@ -84,7 +85,7 @@ You will need the generated SID for this service to configure your environment i
 
 ### Deploy the Function template
 
-Add the Notify Service SID to the `.env` file as `BROADCAST_NOTIFY_SERVICE_SID` and the Verify Service SID as `VERIFY_SERVICE_SID`. Add any passcode for the admin that is permitted to send broadcast messages to the `.env` file as `PASSCODE`.
+Add the Notify Service SID to the `.env` file as `BROADCAST_NOTIFY_SERVICE_SID` and the Verify Service SID as `VERIFY_SERVICE_SID`. Add any username and passcode for the admin that is permitted to send broadcast messages to the `.env` file as `AUTH_USERNAME` and `AUTH_PASSCODE`, respectively.
 
 Deploy your functions and assets with the following command. Note: you must run this command from inside your project folder. [More details in the docs.](https://www.twilio.com/docs/labs/serverless-toolkit)
 
@@ -100,4 +101,4 @@ In a few moments your Function should be deployed! Grab its URL from the results
 
 Once the Function is deployed, people can subscribe via the form on `/subscribe.html`. Users can respond `stop/start` to use Twilio's built-in stop handling to opt a user out from, or back in to, receiving messages (check out this article for [further details on Twilio's built-in features for handling opt-out/in keywords](https://support.twilio.com/hc/en-us/articles/223134027-Twilio-support-for-opt-out-keywords-SMS-STOP-filtering-)).
 
-Administrators can use the form on `/broadcast.html` to send a message out to all subscribed users. This will send an OTP to the administrator for verification before broadcasting a message.  
+Administrators can use the form on `/broadcast.html` to send a message out to all subscribed users. This will send an OTP to the administrator for verification before broadcasting a message.

verified-broadcast/assets/auth.private.js

@@ -1,3 +1,5 @@
+const { isAuthenticated } = require('@twilio-labs/runtime-helpers').auth;
+
 /**
  *  Broadcast a message
  *
@@ -8,15 +10,23 @@
  *  }
  */
 exports.handler = async (context, event, callback) => {
-  const { isAuthenticated } = require(Runtime.getAssets()['/auth.js'].path);
   const { setupResourcesIfRequired } = require(Runtime.getAssets()['/setup.js']
     .path);
 
   const response = new Twilio.Response();
   response.appendHeader('Content-Type', 'application/json');
 
-  if (!isAuthenticated(context, event)) {
-    response.setBody({ success: false, error: 'INVALID CREDENTIALS' });
+  try {
+    if (!isAuthenticated(context, event)) {
+      response.setBody({ success: false, error: 'INVALID CREDENTIALS' });
+      response.setStatusCode(401);
+      return callback(null, response);
+    }
+  } catch (error) {
+    response.setBody({
+      success: false,
+      error: `Authentication error: ${error.message}`,
+    });
     response.setStatusCode(401);
     return callback(null, response);
   }

verified-broadcast/functions/broadcast.js

@@ -3,6 +3,7 @@
   "private": true,
   "dependencies": {
     "@twilio/runtime-handler": "1.2.0",
+    "@twilio-labs/runtime-helpers": "^0.1.2",
     "basic-auth": "^2.0.1",
     "tsscmp": "^1.0.6",
     "twilio": "^3.67.2"

verified-broadcast/package.json

@@ -1,5 +1,6 @@
 const broadcastFunction = require('../functions/broadcast').handler;
 const helpers = require('../../test/test-helper');
+const { isAuthenticated } = require('@twilio-labs/runtime-helpers').auth;
 
 const mockVerificationCheck = {
   verificationChecks: {
@@ -24,10 +25,11 @@ const mockClient = {
   },
 };
 
-const mockIsAuthenticated = jest.fn(() => true);
-jest.mock('../assets/auth.private.js', () => {
+jest.mock('@twilio-labs/runtime-helpers', () => {
   return {
-    isAuthenticated: mockIsAuthenticated,
+    auth: {
+      isAuthenticated: jest.fn(() => true),
+    },
   };
 });
 
@@ -42,7 +44,8 @@ const VERIFY_SERVICE_SID = 'default';
 
 const testContext = {
   VERIFY_SERVICE_SID,
-  PASSCODE: 'test-code',
+  AUTH_USERNAME: 'admin',
+  AUTH_PASSCODE: 'test-code',
   BROADCAST_NOTIFY_SERVICE_SID: 'placeholder',
   TWILIO_PHONE_NUMBER: '+12223334444',
   getTwilioClient: () => mockClient,
@@ -60,7 +63,7 @@ describe('verified-broadcast/broadcast', () => {
   });
 
   test('does not allow broadcasting without valid code', (done) => {
-    mockIsAuthenticated.mockReturnValueOnce(false);
+    isAuthenticated.mockReturnValueOnce(false);
 
     const callback = (err, result) => {
       expect(err).toEqual(null);

verified-broadcast/tests/auth.test.js

@@ -22,7 +22,8 @@ jest.mock('../assets/setup.private.js', () => {
 
 const testContext = {
   VERIFY_SERVICE_SID: 'default',
-  PASSCODE: 'test-code',
+  AUTH_USERNAME: 'admin',
+  AUTH_PASSCODE: 'test-code',
   BROADCAST_NOTIFY_SERVICE_SID: 'placeholder',
   TWILIO_PHONE_NUMBER: '+12223334444',
   getTwilioClient: () => mockClient,

verified-broadcast/tests/broadcast.test.js

@@ -38,7 +38,8 @@ const VERIFY_SERVICE_SID = 'default';
 
 const testContext = {
   VERIFY_SERVICE_SID,
-  PASSCODE: 'test-code',
+  AUTH_USERNAME: 'admin',
+  AUTH_PASSCODE: 'test-code',
   BROADCAST_NOTIFY_SERVICE_SID: 'placeholder',
   TWILIO_PHONE_NUMBER: '+12223334444',
   getTwilioClient: () => mockClient,

verified-broadcast/tests/start-verify.test.js

@@ -18,18 +18,18 @@
  *  }
  */
 
+const { createCORSResponse } = require('@twilio-labs/runtime-helpers').response;
+
 // eslint-disable-next-line consistent-return
 exports.handler = function (context, event, callback) {
-  const response = new Twilio.Response();
+  // set to true to support CORS
+  const supportCors = false;
+  /* istanbul ignore next */
+  const response = supportCors
+    ? createCORSResponse('*')
+    : new Twilio.Response();
   response.appendHeader('Content-Type', 'application/json');
 
-  /*
-   * uncomment to support CORS
-   * response.appendHeader('Access-Control-Allow-Origin', '*');
-   * response.appendHeader('Access-Control-Allow-Methods', 'POST, OPTIONS');
-   * response.appendHeader('Access-Control-Allow-Headers', 'Content-Type');
-   */
-
   if (
     typeof event.to === 'undefined' ||
     typeof event.verification_code === 'undefined'